[30859] in Kerberos
Java app as Windows Service w/JGSS+Kerberos - should it work?
daemon@ATHENA.MIT.EDU (Chris)
Wed Mar 11 22:13:59 2009
From: Chris <chriscorbell@gmail.com>
Date: Wed, 11 Mar 2009 17:08:40 -0700 (PDT)
Message-ID: <6b841767-2853-444b-8e68-56891fba7150@z8g2000prd.googlegroups.com>
To: kerberos@mit.edu

I have a JBoss webservice app that's configured for GSS-API (Kerberos)
authentication of context tokens received from clients. It gets the
GSS-API output token in a soap message and calls acceptSecContext().
GSS-API is configured with a Krb5LoginModule and a local keyTab file
(exported from AD). All of this works great.

What doesn't work great is running this JBoss app as an actual Windows
Service - the creation of the server's GSSCredentials fails with "No
valid credentials provided", which I think typically means the keyTab
file isn't found or can't be accessed.

I've tried every type of user for the Windows Service (LocalSystem, a
local Admin user account w/password, etc.) and verified read perms on
the keyTab file. I'm beginning to suspect it's just a problem with
having the JVM wrapped in a native service process. (I'm using the
Tanuki Java Service Wrapper).

I know this is a fairly specific configuration but I'm hoping someone
may have some experience to offer - have you been able to get a
GSS-API-enabled Java server application running as a Windows Service
with a local KeyTab file? If you have gotten this to work, did you ever
see the above symptom & is there a likely cause? Or if not, could it be
that this simply won't work - is there something about the Java GSS-API
implementation that conflicts with running in a wrapping service
process?

TIA,
Chris
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos